Comment

This analysis assumes a man-in-the-middle attack being conducted by an attacker that places a malicious wireless LAN access point.

Credit

Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to Nihon Unisys, Ltd., and Nihon Unisys, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Nihon Unisys, Ltd. coordinated under the Information Security Early Warning Partnership.